Batch Search Does Not Respect Site Security

Users that belong to site security group can search for and open batches that belong to a site they should not have access to. These same batches cannot be found in the uncommitted batches dataform.

Article
Number:110544

Products:

Blackbaud_CRM

Download and install the latest service pack, which contains all fixes from previous service packs. If you are running an older version, download and install the latest version and then the service pack.

Steps to Duplicate

1. Setup a user with sufficient privileges to access, create, and edit batches. Add a site to their role.2. Create a batch template and assign a different site than used in step 1.3. Add a new batch using the site secured template and fill out at least one line. Note the batch number.4. Run CRM as the site secured user account from step 1.5. Navigate to Administration > Batch > Uncommitted Batches and note that you cannot find the site secured batch.6. Click on Batch Search and enter the Batch Number. Note that you can find, open, and edit this batch.